AWS and Cloudanix team co-authored this blog: Real-Time Threat and Anomaly Detection for Workloads on AWS

Cloudanix

AWS Lambda Audit

Your Amazon Lambda functions should not have administrative permissions in order to promote the Principle of Least Privilege.

Lambda Functions Should Not Have Administrative Permissions

Your Amazon Lambda functions should not have administrative permissions in order to promote the Principle of Least Privilege.

Lambda Functions Should Not Be Publicly Accessible

Any publicly accessible AWS Lambda functions should be identified and their access policy should be updated in order to protect against unauthorized users that are sending requests to invoke these functions.

AWS Lambda Should Have DLQ Configured

You should configure a dead letter queue (DLQ) on AWS Lambda to give you more control over message handling for all asynchronous invocations.

Lambda Functions Should Have Default Timeout Set

Your AWS Lambda Functions should have default timeout set in order to achieve greater relaibility and availability.

Lambda Functions Should Have Aliases

It is reccommended that you should use aliases for your AWS Lambda Functions.

AWS Lambda Functions Should Not Have Too Many Versions

AWS Lambda Functions should not have too many versions. This may led to security lapses and performance degradation.

Lambda Functions Should Have Latest Runtime Version

You should always use the latest version of the execution environment for your Amazon Lambda functions in order to adhere to AWS best practices and receive the newest software features, get the latest security patches and bug fixes, and benefit from better performance and reliability.

Lambda Functions Should Not Use Deprecated Versions

You should not use the deprecated versions of the execution environment for your Amazon Lambda functions in order to adhere to AWS best practices.

Lambda Functions Should Have Tracing Enabled

Tracing should be enabled for your AWS Lambda functions in order to gain visibility into the functions execution and performance.

Multiple Functions Should Not Have The Same IAM Role

Amazon Lambda functions should not share the same AWS IAM execution role in order to promote the Principle of Least Privilege (POLP) by providing each individual function the minimal amount of access required to perform its tasks.

CloudTrail Should Be Enabled For AWS Lambda

CloudTrail captures API calls for AWS Lambda as events. The calls captured include calls from the AWS Lambda console and code calls to the AWS Lambda API operations.

Lambda Functions Should Have Tags

You can tag Lambda functions to organize them by owner, project or department. Tags are freeform key-value pairs that are supported across AWS services for use in filtering resources and adding detail to billing reports.

Lambda Functions Should Not Allow Cross Account Access

Your Amazon Lambda functions should be configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross account access.

Lambda Should Have Access To VPC-only Resources

Your Amazon Lambda functions should have access to VPC-only resources such as AWS Redshift data warehouses, AWS ElastiCache clusters, AWS RDS database instances, and service endpoints that are only accessible from within a particular Virtual Private Cloud (VPC).

cta-image

Secure Every Layer of Your Cloud Stack with Cloudanix

Unify your security workflows with Cloudanix — one dashboard for misconfigurations, drift detection, CI/CD, and identity protection.

Get Started

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.